So I am querying my index like this right now:
{
"query": {
"match_all" : { }
},
"size": 1,
"sort": [
{
"@timestamp": {
"order": "desc"
}
}
]
}
And I get the whole set of data, like you are supposed to with "match_all". My question is how do you query only specific fields in a event.
For example, if my fields in Kibana are like this:
Then How do I ONLY grab the "_type" field in a HTTP query?
Check out https://www.elastic.co/guide/en/elasticsearch/reference/5.2/search-request-source-filtering.html
That worked, I also made a stack overflow post about this and got a pretty good answer.
Here is my new query:
{
"query": {
"match_all": { }
},
"size": 1,
"_source": {
"includes": [ "transport", "dest", "packet_source", "id_orig_p", "id_orig_p", "id_orig_h", "conn_state", "id_resp_h", "id_resp_p", "service", "proto" ]
} ,
"sort": [
{
"@timestamp": {
"order": "desc"
}
}
]
}
Thanks for the help!
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.